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CLAIM AMENDMENTS 




1 1 . (Original) A method for providing shared secret keys for communicating through a 

2 secure channel between members of a dynamically changing multicast group 

3 connected over an insecure network, the method comprising the computer- 

4 implemented steps of: 

5 computing a first shared secret key for establishing a first multicast group that 

6 includes a set of one or more first members; 

7 generating a first multicast group exchange key based on the first shared secret key; 

8 receiving a first user exchange key from a first user requesting entry into the first 

9 multicast group; 

10 computing a second secret key based on the first user exchange key and the first 

1 1 shared secret key; 

12 sending the first multicast group exchange key to the first user, wherein the first 

13 multicast group exchange key allows the first user to generate the second 

14 shared secret key; and 

15 establishing a second multicast group whose members include the first user and the 

16 set of one or more first members of the first multicast group, wherein the 

17 second shared secret key provides a first secure channel for communicating 

18 between members of the second multicast group over the insecure network. 

1 2. (Original) The method as recited in Claim 1, wherein the step of computing a first 

2 shared secret key includes the steps of: 

3 selecting a private non-zero random integer "x"; 

4 selecting a public non-zero integer "g"; 

5 selecting a pubhc prime integer "n"; and 

6 computing the first shared secret key "k" according to the relation 

7 k = (g'' mod (n)). 
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1 3. (Original) The method as recited in Claim 2, wherein the step of generating a first 

2 multicast group exchange key includes the step computing the first multicast group 

3 exchange key K' according to the relation 

4 K' = (g'' mod (n)). 

1 4. (Original) The method as recited in Claim 2, wherein 

2 the step of receiving a first user exchange key includes the step of receiving a first 

3 user exchange key value Y' computed according to the relation 

4 Y' = (g^ mod (n)), 

5 wherein "y" is a private non-zero random integer selected by the first user; and 

6 the step of computing a second secret key includes the step computing the second 

7 secret key "kl" according to the relation 

8 kl =(Y'^mod(n)). 

1 5. (Currently Amended) The method as recited in Claim 2, wherein the step of sending 

2 the first multicast group exchange key to the first user further comprises the first user 

3 computing the second secret key "kl" according to the relation 

4 kl -(K'ymod(n)), 

5 wherein "v" is a private non-zero random integer selected by the first user; and 

6 wherein K' is the first multicast group exchange key . 

1 6. (Original) The method as recited in Claim 1, wherein: 

2 the step of receiving a first user exchange key fi'om a first user comprises the step of 

3 verifying that the first user should be allowed entry into the first multicast 

4 group; and 

5 providing the first user with the first multicast exchange key only after the first user is 

6 verified for entry into the first multicast group. 
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1 7. (Original) The method as recited in Claim 1, further comprising the steps of: 

2 generating a second multicast group exchange key based on the second shared secret 

3 key; 

4 receiving a second user exchange key from a second user requesting entry into the 

5 second multicast group; 

6 computing a third secret key based on the second user exchange key and the second 

I 7 shared secret key; 

8 sending the second multicast group exchange key to the second user, wherein the 

9 second multicast group exchange key allows the second user to generate the 
10 third shared secret key; and 

I I establishing a third multicast group whose members include the second user and the 

12 members of the second multicast group, wherein the third shared secret key 

13 provides a second secure channel for communicating between members of the 

14 third multicast group over the insecure network. 

1 8. (Original) The method as recited in Claim 2, further comprising the steps of: 

2 determining that a first departing member has left the second multicast group; 

3 selecting a private multicast group non-zero random integer; 

4 generating a second multicast group exchange key based on the private multicast 

5 group non-zero random integer, the public non-zero integer "g" and the public 

6 prime integer "n"; 

7 broadcasting the second multicast group exchange key to each remaining member of 

8 the second multicast group; 

9 in response to receiving the second multicast group exchange key, each remaining 

10 member computing a third secret key based on the second multicast group 

1 1 exchange key and the second shared secret key; and 

12 establishing a third multicast group whose members include only remaining members 

13 of the second multicast group, wherein the third shared secret key provides a 

14 second secure channel for communicating between members of the third 

15 multicast group over the insecure network. 
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9. (Currently amended) The method as recited in Claim 1, wherein the step of 
establishing a second multicast group requires a total of approximately N+l messages 
for providing the first secure channel for communicating between members of the 
second multicast group over the insecure networ k, wherein N is a number of members 
of the first multicast group . 

10. (Original) A computer-readable medium carrying one or more sequences of one or 
more instructions for communicating through a secure channel between members of a 
dynamically changing multicast group connected over an insecure network, and which 
instmctions, when executed by one or more processors, cause the one or more 
processors to perform the steps of: 

computing a first shared secret key for establishing a first muhicast group that 

includes a set of one or more first members; 
generating a first multicast group exchange key based on the first shared secret key; 
receiving a first user exchange key fi-om a first user requesting entry into the first 

multicast group; 

computing a second secret key based on the first user exchange key and the first 
shared secret key; 

sending the first multicast group exchange key to the first user, wherein the first 
multicast group exchange key allows the first user to generate the second 
shared secret key; and 

establishing a second multicast group whose members include the first user and the 
set of one or more first members of the first multicast group, wherein the 
second shared secret key provides a first secure channel for communicating 
between members of the second multicast group over the insecure network. 

11. (Original) The computer-readable medium as recited in Claim 10, wherein the step of 
computing a first shared secret key includes the steps of: 

selecting a private non-zero random integer "x"; 
selecting a public non-zero integer "g"; 
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5 selecting a public prime integer "n"; and 

6 computing the first shared secret key "k" according to the relation 

7 k - (g" mod (n)). 

1 12. (Original) The computer-readable medium as recited in Claim 1 1, wherein the step of 

2 generating a first multicast group exchange key includes the step computing the first 

3 multicast group exchange key K' according to the relation 

4 K' = (gVod (n)). 

1 13. (Original) The computer-readable medium as recited in Claim 1 1, wherein 

2 the step of receiving a first user exchange key includes the step of receiving a first 

3 user exchange key value Y' computed according to the relation 

4 Y' = (gymod(n)), 

5 wherein "y" is a private non-zero random integer selected by the first user; and 

6 the step of computing a second secret key includes the step computing the second 

7 secret key "kl " according to the relation 

8 kl =(¥'*" mod (n)). 

1 14. (Currently Amended) The computer-readable medium as recited in Claim 1 1 , 

2 wherein the step of sending the first multicast group exchange key to the first user 

3 further comprises the first user computing the second secret key "kl" according to the 

4 relation 

5 kl=(K'ymod(n)), 

6 wherein 'V ' is a private non-zero random integer selected by the first user: and 

7 wherein K' is the first multicast group exchange kev . 

1 15. (Original) The computer-readable medium as recited in Claim 10, wherein: 

2 the step of receiving a first user exchange key from a first user comprises the step of 

3 verifying that the first user should be allowed entry into the first multicast 

4 group; and 



Docket No. 50325-0127 (2380) 



8 



Application of Srinath GUNDAVELLI, et al., Ser. No. 09/608,831, Filed Jime.30, 2000 
Reply to Office Action 



5 providing the first user with the first multicast exchange key only after the first user is 

6 verified for entry into the first multicast group. 

1 16. (Original) The computer-readable medium as recited in Claim 10, fiirther comprising 

2 instructions for performing the steps of: 

3 generating a second multicast group exchange key based on the second shared secret 

4 key; 

5 receiving a second user exchange key firom a second user requesting entry into the 

6 second multicast group; 

7 computing a third secret key based on the second user exchange key and the second 

8 shared secret key; 

9 sending the second multicast group exchange key to the second user, wherein the 

10 second multicast group exchange key allows the second user to generate the 

1 1 third shared secret key; and 

12 establishing a third multicast group whose members include the second user and the 

13 members of the second multicast group, wherein the third shared secret key 

14 provides a second secure channel for communicating between members of the 

15 third multicast group over the insecure network. 

1 17. (Original) The computer-readable medium as recited in Claim 11, fiirther comprising 

2 instructions for performing the steps of; 

3 determining that a first departing member has left the second multicast group; 

4 selecting a private multicast group non-zero random integer; 

5 generating a second multicast group exchange key based on the private multicast 

6 group non-zero random integer, the public non-zero integer "g" and the public 

7 prime integer "n"; 

8 broadcasting the second multicast group exchange key to each remaining member of 

9 the second multicast group; 

10 in response to receiving the second multicast group exchange key, each remaining 

1 1 member computing a third secret key based on the second multicast group 

12 exchange key and the second shared secret key; and 

9 
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establishing a third multicast group whose members include only remaining members 
of the second multicast group, wherein the third shared secret key provides a 
second secure channel for communicating between members of the third 
multicast group over the insecure network. 

1 8. (Currently Amended) The computer-readable mediimi as recited in Claim 10, 
wherein the step of establishing a second multicast group requires a total of 
approximately N+l messages for providing the first secure channel for 
communicating between members of the second multicast group over the insecure 
network , wherein N is a number of members of the first multicast group . 

19. (Original) A network device configured for communicating through a secure channel 
between members of a dynamically changing multicast group connected over an 
insecure network, comprising: 

a network interface; 

a processor coupled to the network interface and receiving information from the 
network interface; 

a computer-readable medium accessible by the processor and comprising one or more 
sequences of instructions which, when executed by the processor, cause the 
processor to carry out the steps of: 

computing a first shared secret key for establishing a first multicast group that 

includes a set of one or more first members; 
generating a first multicast group exchange key based on the first shared secret 

key; 

receiving a first user exchange key fi-om a first user requesting entry into the 

first multicast group; 
computing a second secret key based on the first user exchange key and the 

first shared secret key; 
sending the first multicast group exchange key to the first user, wherein the 

first multicast group exchange key allows the first user to generate the 

second shared secret key; and 
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21 establishing a second multicast group whose members include the first user 

22 and the set of one or more first members of the first multicast group, 

23 wherein the second shared secret key provides a first secure chaimel 

24 for communicating between members of the second multicast group 

25 over the insecure network. 

1 20. (Original) The network device as recited in Claim 19, wherein the step of computing 

2 a first shared secret key includes the steps of: 

3 selecting a private non-zero random integer "x"; 
^ 4 selecting a public non-zero integer "g"; 

5 selecting a public prime integer "n"; and 

6 computing the first shared secret key "k" according to the relation 

7 k = (g^ mod (n)). 

1 21 . (Original) The network device as recited in Claim 20, wherein the step of generating 

2 a first multicast group exchange key includes the step computing the first multicast 

3 group exchange key K' according to the relation 

4 K' = (g*^ mod (n)). 

1 22. (Original) The network device as recited in Claim 20, wherein 

2 the step of receiving a first user exchange key includes the step of receiving a first 

3 user exchange key value Y' computed according to the relation 

4 Y' = (gymod(n)), 

5 wherein ' is a private non-zero random integer selected by the first user; and 

6 the step of computing a second secret key includes the step computing the second 

7 secret key "kl" according to the relation 

8 kl = (Y' mod (n)). 
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1 23. (Currently Amended) The network device as recited in Claim 20, wherein the step of 

2 sending the first multicast group exchange key to the first user further comprises the 

3 first user computing the second secret key "kl" according to the relation 

4 kl = (K'y mod (n)), 

5 wherein W is a private non-zero random integer selected by the first user: and 

6 wherein is the first multicast group exchange key . 



(Original) The network device as recited in Claim 19, wherein: 

the step of receiving a first user exchange key firom a first user comprises the step of 

verifying that the first user should be allowed entry into the first multicast 

group; and 

providing the first user with the first multicast exchange key only after the first user is 
verified for entry into the first multicast group. 



1 25. (Original) The network device as recited in Claim 19, further comprising instructions 

2 for performing the steps of: 

3 generating a second multicast group exchange key based on the second shared secret 

4 key; 

5 receiving a second user exchange key fi"om a second user requesting entry into the 

6 second multicast group; 

7 computing a third secret key based on the second user exchange key and the second 

8 shared secret key; 

9 sending the second multicast group exchange key to the second user, wherein the 

10 second multicast group exchange key allows the second user to generate the 

1 1 third shared secret key; and 

12 establishing a third multicast group whose members include the second user and the 

1 3 members of the second multicast group, wherein the third shared secret key 

14 provides a second secure channel for communicating between members of the 

1 5 third multicast group over the insecure network. 
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1 26. (Original) The network device as recited in Claim 20, further comprising instructions 

2 for performing the steps of: 

3 determining that a first departing member has left the second multicast group; 

4 selecting a private multicast group non-zero random integer; 

5 generating a second multicast group exchange key based on the private multicast 

6 group non-zero random integer, the public non-zero integer "g" and the public 

7 prime integer "n"; 

8 broadcasting the second multicast group exchange key to each remaining member of 

9 the second multicast group; 

10 in response to receiving the second multicast group exchange key, each remaining 

1 1 member computing a third secret key based on the second multicast group 

12 exchange key and the second shared secret key; and 

13 establishing a third multicast group whose members include only remaining members 

14 of the second multicast group, wherein the third shared secret key provides a 

15 second secure channel for communicating between members of the third 

16 multicast group over the insecure network. 

1 27. (Currently Amended) The network device as recited in Claim 19, wherein the step of 

2 establishing a second multicast group requires a total of approximately N+1 messages 

3 for providing the first secure channel for commimicating between members of the 

4 second multicast group over the insecure network , wherein N is a number of members 

5 of the first multicast group . 

1 28. (Original) A network device configured for communicating through a secure channel 

2 between members of a dynamically changing multicast group connected over an 

3 insecure network, comprising: 

4 means for computing a first shared secret key for establishing a first multicast group 

5 that includes a set of one or more first members; 

6 means for generating a first multicast group exchange key based on the first shared 

7 secret key; 
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8 means for receiving a first user exchange key firom a first user requesting entry into 

9 the first multicast group; 

10 means for computing a second secret key based on the first user exchange key and the 

1 1 first shared secret key; 

12 means for sending the first multicast group exchange key to the first user, wherein the 

13 first multicast group exchange key allows the first user to generate the second 

14 shared secret key; and 

15 means for establishing a second multicast group whose members include the first user 

1 6 and the set of one or more first members of the first multicast group, wherein 

17 the second shared secret key provides a first secure channel for 

1 8 communicating between members of the second multicast group over the 

1 9 insecure network. 

1 29. (Original) A method for generating a shared secret key for use by a first member, a 

2 second member, and a third member who joins the first member and the second 

3 member for secure communication as a multicast group over an insecure network, the 

4 method comprising the computer-implemented steps of: 

5 generating a first multicast group exchange key K' based on a first shared secret key 

6 "k" that is used by a first multicast group that includes the first member and 

7 the second member, wherein k = (g'' mod (n)), "x" is a private non-zero 

8 random integer, "g" is a public non-zero integer, and "n" is a pre-determined 

9 public prime integer, and wherein K' - (g^ mod (n)); 

10 receiving a first user exchange key fi'om the third member as part of a request by the 

1 1 third member to enter the first multicast group; 

12 sending the first multicast group exchange key to the first member, wherein the first 

13 multicast group exchange key allows the first member to generate a second 

14 secret key based on the first user exchange key and the first shared secret key; 

15 and 

16 establishing secure communication in a second multicast group whose members 

1 7 include the first member, the second member and the third member, and based 

18 on the second shared secret key. 

14 
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1 30. (Original) The method as recited in Claim 29, wherein 

2 the step of receiving a first user exchange key includes the step of receiving a first 

3 user exchange key value Y' computed according to the relation 

4 Y' = (gymod(n)), 

5 wherein "y" is a private non-zero random integer selected by the first member; 

6 and 

7 the step of computing a second secret key includes the step computing the second 
secret key "kl" according to the relation 
kl=(Y'^mod(n)). 

3 1 . (Original) The method as recited in Claim 29, wherein the step of sending the first 
multicast group exchange key to the first member further comprises the first member 
computing the second secret key "kl" according to the relation 
kl - (K'^ mod (n)). 

1 . 32. (Original) The method as recited in Claim 29, wherein the step of receiving a first 

2 user exchange key fi"om a first member comprises the step of providing the first user 

3 with the first multicast exchange key only after verifying that the first user is allowed 

4 to enter the first multicast group. 

1 33. (Original) The method as recited in Claim 29, further comprising the steps of: 

2 determining that a first departing member has left the second multicast group; 

3 selecting a private multicast group non-zero random integer; 

4 generating a second multicast group exchange key based on the private multicast 

5 group non-zero random integer, the public non-zero integer "g" and the public 

6 prime integer "n"; 

7 broadcasting the second multicast group exchange key to each remaining member of 

8 the second multicast group; 
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in response to receiving the second multicast group exchange key, each remaining 
member computing a third secret key based on the second muhicast group 
exchange key and the second shared secret key; and 

estabUshing a third multicast group whose members include only remaining members 
of the second multicast group, wherein the third shared secret key provides a 
second secure channel for communicating between members of the third 
multicast group over the insecure network. 

34. (New) The method as recited in Claim 1, wherein: 

the first user exchange key is received by a particular first member of the set of one or 

more first members; 
further comprising the step of the particular first member sending the first user 

exchange key to the other first members of the set of one or more first 

members; and 

wherein each first member of the set of one or more first members computes the 
second secret key based on the first user exchange key and the first shared 
secret key. 

35. (New) The method as recited in Claim 1, wherein: 

the first user exchange key is received by a particular first member of the set of one or 
more first members; 

the other first members of the set of one or more first members receive the first user 

exchange key from the first user; and 
each first member of the set of one or more first members computes the second secret 

key based on the first user exchange key and the first shared secret key. 

36. (New) The method as recited in Claim 1, wherein: 

the set of one or more first members is a set of one or more first workstations; and 
the first user is a second workstation. 
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1 37. (New) The computer-readable medium as recited in Claim 10, wherein: 

2 the first user exchange key is received by a particular first member of the set of one or 

3 more first members; 

4 further comprising instructions for performing the step of the particular first member 

5 sending the first user exchange key to the other first members of the set of one 

6 or more first members; and 

7 wherein each first member of the set of one or more first members computes the 

8 second secret key based on the first user exchange key and the first shared 

9 secret key. 

1 38. (New) The computer-readable medium as recited in Claim 10, wherein: 

2 the first user exchange key is received by a particular first member of the set of one or 

3 more first members; 

4 the other first members of the set of one or more first members receive the first user 

5 exchange key fi-om the first user; and 

6 each first member of the set of one or more first members computes the second secret 

7 key based on the first user exchange key and the first shared secret key. 

1 39. (New) The computer-readable medium as recited in Claim 10, wherein: 

2 the set of one or more first members is a set of one or more first workstations; and 

3 the first user is a second workstation. 

1 40. (New) The network device as recited in Claim 19, wherein: 

2 the first user exchange key is received by a particular first member of the set of one or 

3 more first members; 

4 the computer-readable medium further comprises instructions for performing the step 

5 of the particular first member sending the first user exchange key to the other 

6 first members of the set of one or more first members; and 
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7 wherein each first member of the set of one or more first members computes the 

8 second secret key based on the first user exchange key and the first shared 

9 secret key. 

1 41 . (New) The network device as recited in Claim 1 9, wherein: 

2 the first user exchange key is received by a particular first member of the set of one or 

3 more first members; 

4 the other first members of the set of one or more first members receive the first user 

5 exchange key fi-om the first user; and 

6 each first member of the set of one or more first members computes the second secret 

7 key based on the first user exchange key and the first shared secret key. 

1 42. (New) The network device as recited in Claim 19, wherein: 

2 the set of one or more first members is a set of one or more first workstations; and 

3 the first user is a second workstation. 

1 43. (New) The network device as recited in Claim 28, wherein the means for computing 

2 a first shared secret key includes: 

3 means for selecting a private non-zero random integer "x"; 

4 means for selecting a public non-zero integer "g"; 

5 means for selecting a public prime integer "n"; and 

6 means for computing the first shared secret key "k" according to the relation 

7 k = (g'mod(n)). 

1 44. (New) The network device as recited in Claim 43, wherein the means for generating a 

2 first multicast group exchange key includes means for computing the first multicast 

3 group exchange key K' according to the relation 

4 K' = (g^ mod (n)). 

1 45. (New) The network device as recited in Claim 43, wherein 

2 the means for receiving a first user exchange key includes means for receiving a first 

3 user exchange key value Y' computed according to the relation 

18 
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4 Y' = (gymod(n)), 

5 wherein "y" is a private non-zero random integer selected by the first user; and 

6 the means for computing a second secret key includes means for computing the 

7 second secret key "kl" according to the relation 

8 kl = (Y'^mod(n)). 



(New) The network device as recited in Claim 43, wherein the means for sending the 
first multicast group exchange key to the first user further comprises means for the 
first user computing the second secret key "kl" according to the relation 
kl ^CK'^mod (n)), 

wherein "y" is a private non-zero random integer selected by the first user; and 
wherein K' is the first multicast group exchange key. 



1 47. (New) The network device as recited in Claim 28, wherein: 

2 the means for receiving a first user exchange key fi"om a first user comprises means 

3 for verifying that the first user should be allowed entry into the first multicast 

4 group; and 

5 means for providing the first user with the first multicast exchange key only after the 

6 first user is verified for entry into the first muUicast group, 

1 48. (New) The network device as recited in Claim 28, further comprising: 

2 means for generating a second multicast group exchange key based on the second 

3 shared secret key; 

4 means for receiving a second user exchange key fi^om a second user requesting entry 

5 into the second multicast group; 

6 means for computing a third secret key based on the second user exchange key and 

7 the second shared secret key; 

8 means for sending the second multicast group exchange key to the second user, 

9 wherein the second multicast group exchange key allows the second user to 
10 generate the third shared secret key; and 
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1 1 means for establishing a third multicast group whose members include the second 

12 user and the members of the second multicast group, wherein the third shared 

13 secret key provides a second secure channel for communicating between 

14 members of the third multicast group over the insecure network. 

1 49, (New) The network device as recited in Claim 43, further comprising: 

2 means for determining that a first departing member has left the second multicast 

3 group; 

4 means for selecting a private multicast group non-zero random integer; 

5 means for generating a second multicast group exchange key based on the private 

6 multicast group non-zero random integer, the public non-zero integer "g" and 

7 the public prime integer "n"; 

8 means for broadcasting the second multicast group exchange key to each remaining 

9 member of the second multicast group; 

10 means for, in response to receiving the second multicast group exchange key, each 

1 1 remaining member computing a third secret key based on the second multicast 

12 group exchange key and the second shared secret key; and 

13 means for estabUshing a third multicast group whose members include only remaining 

14 members of the second multicast group, wherein the third shared secret key 

15 provides a second secure channel for communicating between members of the 

16 third multicast group over the insecure network. 

1 50. (New) The network device as recited in Claim 28, wherein the means for establishing 

2 a second multicast group requires a total of approximately N+1 messages for 

3 providing the first secure channel for communicating between members of the second 

4 multicast group over the insecure network, wherein N is a number of members of the 

5 first multicast group. 

1 51. (New) The network device as recited in Claim 28, wherein: 

2 the first user exchange key is received by a particular first member of the set of one or 

3 more first members; 

20 
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4 further comprising means for the particular first member sending the first user 

5 exchange key to the other first members of the set of one or more first 

6 members; and 

7 wherein each first member of the set of one or more first members computes the 

8 second secret key based on the first user exchange key and the first shared 

9 secret key. 

^1 52. (New) The network device as recited in Claim 28, wherein: 

j 2 the first user exchange key is received by a particular first member of the set of one or 

3 more first members; 

4 the other first members of the set of one or more first members receive the first user 

5 exchange key fi^om the first user; and 

6 each first member of the set of one or more first members computes the second secret 

7 key based on the first user exchange key and the first shared secret key. 

1 53. (New) The network device as recited in Claim 28, wherein: 

2 the set of one or more first members is a set of one or more first workstations; and 

3 the first user is a second workstation. 
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